Employee Lookup or User Profile searches in SharePoint 2007

Want to allow users to search / lookup employees through the Active Directory? The Employee Lookup webpart, for a SharePoint 2007 publishing portal, does not work right out of the box – as it needs to be configured. As I continue learning and start sharing my experiences with the SharePoint community, I thought I’d share my notes on how to get the Employee Lookup Web Part working.

What is the Employee Lookup Web Part?
The Employee Lookup Web Part allows you to search your company’s Active Directory for contact information. The advanced search fields provided are First and Last Name, Department, Title, Responsibilities, Skills and Memberships.

The following steps create a new connection and apply an LDAP user filter to limit the profiles imported by your Shared Service Provider:

1. Log in to your SharePoint Central Administration site.

2. Select your Shared Service Provider and click on “User profiles and properties” under the “User Profiles and My Sites” column.

3. Click on the link, “Manage Connections”.

4. Click on “Create New Connection”.

5. Give the connection a meaningful name.

6. In the Add Connection screen, input the following properties:

Import User Profile Connection Settings

Connection Settings
Type: Active Directory
Domain Name: select “Auto discover domain controller” or “Specify a domain controller” (pick from the drop-down list)
Port: 389
Time out (in seconds): 120
Select “Enable Server Side Incremental” so that you can increase user profile import efficiency.

Search Settings
Click on “Auto Fill Root Search Base” or specify the search base yourself.
User Filter: use this to specify which profiles are imported by using an LDAP query
Scope Level: are the user profiles imported only from the first level of the subtree or from the entire subtree?
Page size: limit the amount of data that is imported for each page
Page time out: limit the amount of time spent attempting to access a server that is not responding

Authentication Information
Specify the credentials with which you want to connect to the directory service. Create a service domain account with read-only access to Active Directory.

Before we configure the user profile import, the data connection has to be defined. You should consider using an Active Directory or LDAP browsing utility.
I have used Softerra’s LDAP Browser.

7. Enter the LDAP user filter of your choice (see below for examples).

8. Now you are ready to import your LDAP users into the profile database. Go back a screen and start a full import. From here you can keep refreshing the screen to see the progress. This takes approx. 1 min per 100 user profiles (depending on your server). Once the import starts enumerating you should see user profiles being imported into SharePoint. When the import is complete, click “View Profiles” to see what profiles were imported. Also view the Import Log and filter to see if there were any errors.

User Filter

Default user filter:
(&(objectCategory=Person)(objectClass=User))

Import groups and exclude disabled accounts with no lastname, firstname, email address:
(|(objectCategory=group)(&(objectCategory=Person)(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sn=*)(givenName=*)(mail=*)))

Exclude accounts with no email address:
(&(objectCategory=Person)(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(mail=*))

Exclude disabled accounts:
(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Exclude accounts with passwords set to expire:
(&(objectCategory=person)(objectClass=user)(!(userAccountControl=65536)))

Include only the accounts with valid email addresses:
(&(objectCategory=Person)(objectClass=User)(mail=*com))

Include only the accounts that are part of the Branch1 organizational unit:
(&(objectCategory=Person)(objectClass=User)(memberof:1.2.840.113556.1.4.1941:=(CN=Authenticated Users,OU=Branch1,DC=domain,DC=local)))

Exclude accounts that don’t have a first name:
(&(objectCategory=Person)(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(!(givenName=*))))
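To check what a user filter selects before starting a full import, the following added example (not part of the original post) parses a filter strictly in the parenthesised RFC 4515 form and evaluates it against a few constructed directory entries. The function names and sample accounts are assumptions made for illustration; it also shows that a plain equality test on userAccountControl compares the whole value, while the 1.2.840.113556.1.4.803 rule tests individual flag bits.

```python
import fnmatch

BIT_AND = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND: every bit of the value must be set
def _user(uac, *mail):  # builds one constructed sample entry (not real directory data)
    return {"objectcategory": ["Person"], "objectclass": ["top", "user"],
            "useraccountcontrol": [str(uac)], "mail": list(mail)}
ENTRIES = {"alice": _user(512, "alice@example.com"),
           "bob": _user(514, "bob@example.com"),  # 512 + 2: disabled
           "svc_sql": _user(66048)}               # 512 + 65536, no mail attribute

def parse(f, i=0):  # strictly parse one parenthesised filter at f[i]; return (node, next index)
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids, i = f[i], [], i + 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"'{op}' needs parenthesised operand(s)")
        node = (op, kids)
    else:
        end = f.find(")", i)
        attr, eq, value = f[i:end].partition("=")
        if end < 0 or not eq:
            raise ValueError(f"malformed item at offset {i}")
        node, i = ("item", attr, value), end
    if f[i:i + 1] != ")":
        raise ValueError(f"missing ')' at offset {i}")
    return node, i + 1

def matches(node, entry):  # evaluate a parsed filter against one entry (name -> list of strings)
    if node[0] == "item":
        name, _, rule = node[1].partition(":")
        values, want = entry.get(name.lower(), []), node[2]
        if rule.rstrip(":") == BIT_AND:  # extensible match "attr:OID:=value"
            return any((int(v) & int(want)) == int(want) for v in values)
        if rule:
            raise ValueError(f"unsupported matching rule {rule}")
        return any(fnmatch.fnmatchcase(v.lower(), want.lower()) for v in values)
    results = [matches(kid, entry) for kid in node[1]]
    return not results[0] if node[0] == "!" else {"&": all, "|": any}[node[0]](results)

def preview(filter_text, entries=ENTRIES):  # names of the entries the filter selects
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return sorted(name for name, entry in entries.items() if matches(node, entry))
```

For example, preview("(userAccountControl=65536)") selects nothing from the sample entries, while preview("(userAccountControl:1.2.840.113556.1.4.803:=65536)") selects svc_sql.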

You have just uploaded the user profiles from your Active Directory and have set up an Incremental Import Schedule for incremental updates to your Active Directory. Now it’s time to include the user profiles that you have imported into your content sources. We will now configure the Employee Lookup Web Part, which lets you search against user profiles that you import from the Active Directory. It’s not a real-time process, but it does allow you to set up import schedules for incremental changes.

9. Enable the Employee Lookup Web Part search, which lets you search against user profiles that you import from the Active Directory.

10. Go to Shared Services Administration for your SSP.

11. Under Search section click on Search settings.

12. On Configure Search Settings page click on ‘Content sources and crawl schedules’.

13. On the ‘Manage Content Sources’ page, click the arrow to pull up the context sensitive menu next to ‘Local Office SharePoint Server sites’.

14. In the drop menu click Edit and make sure you have added the SPS3 protocol under ‘Start Addresses’. For more information on SPS3, check my blog ‘SharePoint and SPS3, SPS3S, STS3, STS3S, BDC, BDC2, File, RB, RBS, Notes Protocols’.

Content Search Connection Settings

15. In the drop menu click Start Full Crawl. Verify that the crawl started (status changed to Full Crawl) and wait until the crawl has completed (status should change to Idle).

Well, that’s it: the user profiles are now searchable. The user profiles that you imported should now be a part of the search index. Searching for any name, or other data, will bring up results for those that exist. What you might notice is that many of the properties are not included and only the name and the email addresses were imported.

Reference

http://www.sharepointbuzz.com/archive/2007/03/08/how-to-configure-employee-lookup-web-part-part-1.aspx

http://www.sharepointbuzz.com/archive/2007/03/09/how-to-configure-employee-lookup-web-part-series-part-2.aspx

http://sharepointsherpa.com/2008/03/14/sharepoint-2007-ldap-user-filters-for-limiting-user-profile-import/

Softerra’s LDAP Browser

Diganta Kumar has architected and developed software for more than a decade for a wide range of industries and development platforms and over the years has filled many roles including program manager, founder, developer, architect, team lead, mentor and project manager. Diganta is founder of two online IT businesses. He is a certified AWS Solutions Architect, certified Professional Scrum Master (PSM I), certified Professional Scrum Developer (PSD I) and ITIL Certified. He has presented at Microsoft Tech.Ed, Microsoft AppFest and Ark Group Intranet conference. He attends AWS Seattle Official Events, Seattle AWS Architects-Engineers, and AWS Cloud Commerce user groups. He likes to help, mentor and manage software development teams to improve and produce great software. He currently works as a Senior Technical Program Manager for Amazon Web Services.

2 comments on “Employee Lookup or User Profile searches in SharePoint 2007”
  1. Bryan Greaves says:

    Hello and thank you for taking time out to develop such an article. I attempted to follow your steps which appear to be easy enough but the problem I have is that I do not see how to get to step 3 ‘manage connections’. That tab doesn’t exist on my options list? I was basically thrown into managing this SP site and really have little knowledge but I try to learn and run into road blocks just about everywhere. Anyway, if you could help me just a little, I would really appreciate it. My email address is attached.

    Thank you!
